Research On Evaluation Method For Employee's Security Capability Based On Behavior Ontology In Mobile Environment

The insecure behavior of employees is an important reason for the frequent occurrence of information security incidents within the organization. It is an important to improve the organization's overall security situation by Information security capability evaluation. The existing evaluation methods of information security capability are mainly based on test papers, questionnaires and serious games. These evaluation methods based on employees' response are too subjective and lack of authenticity, which make it difficult to assess the complicated and varied security threats in the real scene.Meanwhile, it is hard to reflect the implementation of employees5 information security awareness with these approaches based on their active responses. Considering the significance of employees' behavior, the paper proposed an evaluation method for empolyees' information security capacity based on behavior analysis to make up for the shortcomings of existing methods.Firstly, this paper introduces the basic concepts of ontology, and analyzes the application status and research meaning of security ontology. On this basis,a security behavior ontology model is presented by introducing the security ontology into the behavior analysis. According to application scenarios, this model could establish a secure behavior ontology of users by collecting the behavior data from their mobile devices,which continusly produce behavior data at work. With the established model, we could classify, formalize and make semantic model of smart phone owners' phone, message,network and App behaviors and their related subdivison actions of all behaviors mentioned above.Afterwards, this paper introduces the basic concepts, application fields and common tools of SWRL inference rules. According to the sequence relationship between users'behavior,we propose a dynamic construction algorithm of behavior association graph,and develop a set of behavior association rules based on SWRL language to realize the dynamic analysis for their multi-step behaviors. Moreover, aiming at finding out insecure behavior from a large amount of behavior data, the classification algorithms are used to determine and identify those insecure behaviors in the paper.According to the result of identification, the judging rules of unsafe behavior are extracted and stored in the form of SWRL in the inference library.On the basis of proposed behavior association graph and SWRL based security identification rules,an algorithm is presented to find out paths of multi-step insecure behaviors.Finally, with the purpose of carrying on the quantitative analysis of the employee's information security ability, the competency model is introduced, and then an evaluation model of employee information security capability based on it is put forward in this paper. By setting up the dominant and implicit indicators, we evaluate the employees'information security ability quantitatively based on the model from the three aspects of their comprehensiveness, alertness, and introspection. Based on that, an Android based prototype system of employees' information security capability evaluation is implemented later.The experiment shows that this method can effectively find out paths of users' insecure behavior, and assess their information security capacity levels based on behaviors,which provides a new idea and approach for evaluating Android smart mobilephone users' information security capability.